Lenny Zeltser

JANUARY 6, 2021

Malware analysis sits at the intersection of incident response, forensics, system and network administration, security monitoring, and software engineering. As someone who’s helped thousands of security professionals learn how to analyze malware at SANS Institute , I have a few tips for how you can get started.

Malware 145

Malware Software Engineering Information Security 145

Security Affairs

MAY 1, 2023

Infoblox researchers discovered a new sophisticated malware toolkit, dubbed Decoy Dog, targeting enterprise networks. While analyzing billions of DNS records, Infoblox researchers discovered a sophisticated malware toolkit, dubbed Decoy Dog, that was employed in attacks aimed at enterprise networks.

Malware 74

Malware DNS Education Media 74

Security Boulevard

NOVEMBER 2, 2022

Dear blog readers, Do you know a lot about information security cybercrime research OSINT and threat intelligence gathering including cyber threat actors research? Who is Dancho Danchev and what is Dancho Danchev's Blog? The post Who Wants to Become a Guest Blogger At This Blog? Stay tuned!

Cybercrime 52

Cybercrime InfoSec Cyber threats Accountability 52

Malwarebytes

JANUARY 16, 2024

The university was notified by an undisclosed third party, who provided information to help the team find and identify the malware. Together, CWRU and the FBI were able to identify that an IP address with which the malware was communicating had also been used to access the alumni email account of a man called Phillip Durachinsky.

Malware 83

Malware Passwords Identity Theft Data collection 83

Security Affairs

SEPTEMBER 30, 2022

Researchers from Mandiant have discovered a novel malware persistence technique within VMware ESXi Hypervisors. ” The experts pointed out that the attacker needs admin-level privileges to the ESXi hypervisor before they can deploy malware. ” reads the report published by Mandiant. Pierluigi Paganini.

Malware 135

Malware Firewall Hacking Information Security 135

Security Affairs

APRIL 20, 2023

North Korea-linked APT group Lazarus employed new Linux malware in attacks that are part of Operation Dream Job. North Korea-linked APT group Lazarus is behind a new campaign tracked as Operation DreamJob (aka DeathNote or NukeSped ) that employed Linux malware. ” concludes the report.

Malware 94

Malware Social Engineering Education Media 94

Security Affairs

APRIL 26, 2023

On March 7, 2023, the researchers found a Linux variant of the PingPull that was uploaded to VirusTotal, it had a very low detection rate (3 out of 62) “Despite a largely benign verdict, additional analysis has determined that this sample is a Linux variant of PingPull malware. ” reads the analysis published by Unit 42.

Malware 94

Malware Telecommunications Government VPN 94

Security Affairs

MAY 1, 2023

Iranian authorities have been spotted using the BouldSpy Android malware to spy on minorities and traffickers. The researchers are tracking the spyware since March 2020, starting in 2023, multiple security experts [ 1 , 2 ] started monitoring its activity.

Surveillance 77

Surveillance Malware Spyware Education 77

Security Affairs

APRIL 5, 2023

The eFile.com online service, which is authorized by the US Internal Revenue Service (IRS), was spotted serving malicious malware to visitors. eFile.com , the personal online tax preparation and e-file service authorized by the US Internal Revenue Service (IRS), was spotted serving malware to visitors.

Malware 79

Malware Education Media Internet 79

Security Affairs

APRIL 13, 2023

Security experts warn that a Kyocera Android printing app is vulnerable to improper intent handling and can be abused to drop malware. An improper intent handling issue affecting the Kyocera Android printing app can allow malicious applications to drop malware.

Malware 94

Malware Mobile Education Media 94

Security Affairs

JUNE 3, 2022

An “extremely sophisticated” China-linked APT tracked as LuoYu was delivering malware called WinDealer via man-on-the-side attacks. The activity of the group was first documented by TeamT5 researchers that also reported the use of three malware families: SpyDealer, Demsty and WinDealer. To nominate, please visit:?.

Malware 133

Malware Telecommunications Internet Internet 133

Security Affairs

MARCH 2, 2023

Cyber criminals are targeting law firms with GootLoader and FakeUpdates (aka SocGholish) malware families. The firms were targeted as part of two distinct campaigns aimed at distributing GootLoader and FakeUpdates (aka SocGholish) malware. One campaign attempted to infect law firm employees with the GootLoader malware.

Malware 81

Malware Ransomware Engineering Internet 81

Security Affairs

JUNE 20, 2022

The developers behind the BRATA Android malware have implemented additional features to avoid detection. The operators behind the BRATA Android malware have implemented more features to make their attacks stealthy. “TAs are modifying their code in order to tailor their malware on specific banking institutions.

Malware 98

Malware Banking Antivirus Phishing 98

Security Affairs

JANUARY 19, 2021

The threat actors behind the SolarWinds attack used malware dubbed Raindrop for lateral movement and deploying additional payloads. Security experts from Symantec revealed that threat actors behind the SolarWinds supply chain attack leveraged a malware named Raindrop for lateral movement and deploying additional payloads.

Malware 143

Malware Engineering Encryption Hacking 143

Security Affairs

MAY 5, 2023

Fleckpe is a new Android subscription Trojan that spreads via Google Play, the malware discovered by Kaspersky is hidden in photo editing apps, smartphone wallpaper packs, and other general-purpose apps. In case the subscription process requires a confirmation code, the malware is able to get it from the notifications.

Malware 77

Malware Mobile Antivirus Hacking 77

Security Affairs

APRIL 13, 2022

China-linked Hafnium APT group started using a new piece of new malware to gain persistence on compromised Windows systems. Microsoft Threat Intelligence Center (MSTIC) highlighted the simplicity of the technique employed by the Tarrask malware that creates “hidden” scheduled tasks on the system to maintain persistence.

Malware 107

Malware Education Internet Internet 107

Security Affairs

MAY 30, 2022

Experts pointed out that the malware is being actively developed. The malware can quickly adopt one-day vulnerabilities (within days of a published proof of concept).” ” Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. Pierluigi Paganini.

Malware 142

Malware DDOS IoT Cybercrime 142

Security Affairs

MAY 6, 2022

Researchers discovered a sophisticated malware framework, dubbed NetDooka, distributed via a pay-per-install (PPI) malware service known as PrivateLoader. The PrivateLoader malware is a downloader used by threat actors for downloading and installing multiple malware. ” reads a report published by Trend Micro.

Malware 89

Malware Antivirus DDOS Hacking 89

Security Affairs

APRIL 16, 2022

Threat actors are targeting Ukrainian government agencies with phishing attacks delivering the IcedID malware. The Ukrainian Computer Emergency Response Team (CERT-UA) uncovered new phishing campaigns aimed at infecting systems of Ukrainian government agencies with the IcedID malware. ” reads the analysis published by CERT-UA.

Malware 81

Malware Phishing Banking Government 81

Spinone

OCTOBER 10, 2019

The best way to stay up-to-date with the recent trends is by reading the top cybersecurity blogs. Here’s our list of the best cybersecurity blogs to read and follow. Securing Tomorrow SecuringTomorrow is a blog by McAfee, one of the biggest security software providers.

Cybersecurity 56

Cybersecurity IoT Antivirus Education 56

Security Affairs

JUNE 22, 2022

I’m proud to announce that SecurityAffairs was awarded as the Best European Personal Cybersecurity Blog 2022 at European Cybersecurity Blogger Awards 2022. Security affairs has been voted for the third consecutive year as the Best European Personal Cybersecurity Blog 2022 at European Cybersecurity Blogger Awards 2022.

Cybersecurity 71

Cybersecurity Hacking Information Security Malware 71

Security Affairs

JANUARY 8, 2021

Multiple threat actors have recently started using the Ezuri memory loader as a loader to executes malware directly into the victims’ memory. According to researchers from AT&T’s Alien Labs, malware authors are choosing the Ezuri memory loader for their malicious codes. ” concludes the report.

Malware 133

Malware Encryption Antivirus Passwords 133

Security Affairs

MAY 3, 2022

A China-linked APT group, tracked as Moshen Dragon, has been observed targeting the telecommunication sector in Central Asia with ShadowPad and PlugX malware, SentinelOne warns. Both PlugX and ShadowPad malware are very common among China-linked cyberespionage groups. ” concludes the report.”Once To nominate, please visit:?

Software 106

Software Malware Telecommunications Antivirus 106

Security Affairs

DECEMBER 30, 2022

A new Linux malware has been exploiting 30 vulnerabilities in outdated WordPress plugins and themes to deploy malicious JavaScripts. Doctor Web researchers discovered a Linux malware, tracked as Linux.BackDoor.WordPressExploit.1, Blog Designer WordPress Plugin. SecurityAffairs – hacking, Lunix Malware). WooCommerce.

Malware 82

Malware Hacking Accountability Phishing 82

Malwarebytes

AUGUST 3, 2022

This blog post was authored by Ankur Saini and Hossein Jazi. In this blog post, we will analyze Woody Rat’s distribution methods, capabilities as well as communication protocol. The threat actor has left some debugging information including a pdb path from which we derived and picked a name for this new Rat: Debug Information.

Malware 108

Malware Encryption Antivirus Architecture 108

Security Affairs

MAY 24, 2022

Interpol Secretary warns that nation-state malware will become available on the cybercrime underground in a couple of years. In the ongoing conflict between Russia and Ukraine, the malware developed by both nation-state actors and non state actors represents a serious risk for critical infrastructure and organizations worldwide.

Malware 106

Malware Cybercrime Government Engineering 106

Security Affairs

MAY 18, 2022

Researchers spotted a new variant of the UpdateAgent macOS malware dropper that was employed in attacks in the wild. Researchers from the Jamf Threat Labs team have uncovered a new variant of the UpdateAgent macOS malware dropper. Upon executing the malware, it connects to a remote server and retrieves a bash script to be executed.

Adware 78

Adware Malware Spyware Hacking 78

Security Affairs

MAY 7, 2022

Experts spotted a malware campaign that is the first one using a technique of hiding a shellcode into Windows event logs. The experts discovered that the attackers are hiding encrypted shellcode containing the next-stage malware as 8KB pieces in event logs. The code is quite unique, with no similarities to known malware.

Malware 85

Malware Encryption Hacking Cybersecurity 85

Security Affairs

APRIL 11, 2022

Cybersecurity researchers spotted a new Windows information-stealing malware, named FFDroider, designed to steal credentials and cookies. Cybersecurity researchers from Zscaler ThreatLabz warn of a new information-stealing malware, named FFDroider, that disguises itself as the popular instant messaging app Telegram.

Malware 80

Malware Media Firewall Advertising 80

Security Affairs

FEBRUARY 14, 2023

Threat actors published more than 451 unique malware-laced Python packages on the official Python Package Index (PyPI) repository. Phylum researchers spotted more than 451 unique Python packages on the official Python Package Index (PyPI) repository in an attempt to deliver clipper malware on the developer systems.

Malware 72

Malware Cryptocurrency Hacking Software 72

Lenny Zeltser

OCTOBER 13, 2020

To guide you through the process of examining malware, REMnux documentation lists the installed tools by category. In addition to providing numerous tools as part of the REMnux distro, the project also offers several malware analysis tools as Docker images.

Malware 145

Malware Engineering Software Information Security 145

Security Affairs

MAY 22, 2022

Researchers uncovered a malware campaign targeting the infoSec community with fake Proof Of Concept to deliver a Cobalt Strike beacon. Researchers from threat intelligence firm Cyble uncovered a malware campaign targeting the infoSec community. The malware, disguised as a fake PoC code, was available on GitHub.

InfoSec 141

InfoSec Malware Cybercrime Information Security 141

Security Affairs

MAY 25, 2023

North Korea-linked APT group Lazarus actor has been targeting vulnerable Microsoft IIS servers to deploy malware. AhnLab Security Emergency response Center (ASEC) researchers reported that the Lazarus APT Group is targeting vulnerable versions of Microsoft IIS servers in a recent wave of malware-based attacks.

Malware 83

Malware Hacking Government Cybersecurity 83

Security Affairs

APRIL 28, 2022

Threat actors have replaced the BazaLoader and IcedID malware with a new loader called Bumblebee in their campaigns. Cybercriminal groups that were previously using the BazaLoader and IcedID as part of their malware campaigns seem to have adopted a new loader called Bumblebee. It is used by multiple cybercrime threat actors.”

Malware 80

Malware Cybercrime Encryption Hacking 80

Krebs on Security

APRIL 20, 2023

Researchers at ESET say this job offer from a phony HSBC recruiter on LinkedIn was North Korean malware masquerading as a PDF file. “Eventually, the threat actor was able to compromise both the Windows and macOS build environments,” 3CX said in an April 20 update on their blog. Image: Mandiant.

Malware 281

Malware Software Technology Accountability 281

Security Affairs

MAY 4, 2020

Hackers are conducting a mass-scanning the Internet for vulnerable Salt installs that could allow them to hack the organizations, the last victim is the Ghost blogging platform. A few hours later another security incident was reported by the media, ZDNet reported that the Node.js-based Pierluigi Paganini.

Internet 112

Internet Internet Hacking Advertising 112

Security Affairs

MAY 16, 2022

Researchers devised an attack technique to tamper the firmware and execute a malware onto a Bluetooth chip when an iPhone is “off.” An attacker with privileged access can exploit this bug to develop a malware that can run on an iPhone Bluetooth chip even when it is off. To nominate, please visit:? Pierluigi Paganini.

Malware 95

Malware Wireless Firmware Mobile 95